Cryptography Reference
In-Depth Information
and that this holds regardless of the choice of the round function
f
. Instead of
starting with 64 bits of plaintext, we input 64 bits of ciphertext into the start
of the Feistel Cipher algorithm and then process it in exactly the same way as
described in Figure 4.4. The end result will be the correct 64 bits of plaintext.
This is more than just a convenience, since it greatly assists implementation of a
Feistel Cipher because almost the same algorithm can be used for both encryption
and decryption. In particular, the same piece of hardware can be used for both
processes.
The reason that we say
almost
the same is that in real instances of the Feistel
Cipher, such as DES, instead of using the whole encryption key during each
round, a round-dependent key (often referred to as a
subkey
) is derived from
the encryption key. This means that each round uses a different key, although all
these subkeys are related to the original key. In the case of decryption, the only
difference is that these subkeys must be used in the reverse order to encryption.
Note that the final swapping of
L
m
and
R
m
in step 7 of the Feistel Cipher is
crucial. If we did not swap these around at the end of step 7 then the resulting
ciphertext could not be decrypted using the same algorithm.
NUMBER OF ROUNDS
The number of rounds used in a Feistel Cipher is part of the design specification
of a particular instance of the Feistel Cipher. DES, for example, uses 16 rounds.
The design principle regarding the number of rounds is fairly straightforward.
The more rounds there are, the more secure the resulting block cipher generally
becomes. This is intuitive, since the plaintext becomes 'more scrambled' and an
exhaustive key search takes slightly longer. However, the more rounds there are,
the more inefficient the resulting encryption (and decryption) process becomes.
This design decision once again concerns an efficiency-security tradeoff.
4.4.2
Specification of DES
DES is an example of a Feistel Cipher. It has a 64-bit block size, a 64-bit key length
and uses 16 rounds. Note that DES has an effective key length of 56 bits, since
8 of the 64 bits of the key are not used by the encryption algorithm (they are
check bits). Knowing that DES is based on the Feistel Cipher blueprint, all that is
required to fully specify DES is:
• the round function, which is based on taking groups of input bits and replacing
(
substituting
) them according to some rules based on tables known as
S-boxes
;
• the
key schedule
, which identifies which bits of the key are used to form the
subkeys for any given round;
• any additional processing steps; for example, DES conducts an
initial permu-
tation
of all the input bits before the first encryption round begins, and then
performs the inverse of this permutation to all the output bits immediately after
the last encryption round has been completed.
